ALT-PU-2018-1256-1
Package perl-DBD-mysql updated to version 4.046-alt1 for branch sisyphus in task 200730.
Closed vulnerabilities
BDU:2017-01671
Уязвимость модуля DBD::mysql драйвера DBD::mysql, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Modified: 2024-11-21
CVE-2017-10788
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
Modified: 2024-11-21
CVE-2017-10789
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
- 99364
- 99364
- https://github.com/perl5-dbi/DBD-mysql/issues/110
- https://github.com/perl5-dbi/DBD-mysql/issues/110
- https://github.com/perl5-dbi/DBD-mysql/issues/140
- https://github.com/perl5-dbi/DBD-mysql/issues/140
- https://github.com/perl5-dbi/DBD-mysql/pull/114
- https://github.com/perl5-dbi/DBD-mysql/pull/114